I’ve noticed a rash of a certain kind of virus on Facebook recently. Here’s an example of what it looks like (poster name and avatar obscured to protect the innocent):
The point of this trick is to get you to click on the link. Hence, these updates usually have an attention grabbing headline with a compelling picture. What happens if you click through? It replicates itself, i.e. it automatically creates a new status update sharing the same link with all of your friends, without your consent. A pernicious variation on this theme disables the comment capability so no one can warn upstream users.
How can you avoid this kind of nastiness? Here’s something that may help. If you hover your mouse over a shared link, nearly all browsers will reveal the URL (geeky term for a web site’s destination) associated with the link, usually along the bottom of the browser window. For example, here’s a status update with a link to a New York Times article:
My mouse is hovering over this update and, as you you can see, at the bottom of the window my browser is showing me the URL attached to this link. The URL starts with “http://www.nytimes.com/…” so I can be reasonably sure it’s legitimate.
As a general rule, the URL should be recognizable and should match the content. If the update purports to be a video, the URL should indicate youtube, vimeo or some other known video streaming service. A link to a Facebook photo should start with “http://www.facebook.com”. You get the idea.
Of course, this is not fool-proof, by any means, as people often post legitimate links to obscure sites you’ve never heard of. In that case, a dash of common sense helps. Is your 80 year old mother sending you an amazing story about Justin Bieber? Is someone you rarely communicate with suddenly offering you a free iPad? Don’t click on anything that doesn’t pass the smell test.
What should you do if you inadvertently fall for one of these tricks? At the very least, you should delete any status updates shared on your behalf by simply clicking the ‘x’ in the upper right corner of the update. You might also message the person who posted the update that tricked you, letting them know what happened, so they can remove their copy (they were tricked too and often don’t realize it). A good rule of thumb is, before you exit any facebook session, check your profile page and make sure there are no status updates that you don’t personally remember adding. If you see something fishy, delete it.
Another thing to be wary of – sometimes you’ll click on a legitimate link which takes you to a facebook page requesting access to your profile. Popular players in this genre are the “photo of the day” app and the “find out who’s been accessing your profile” app. The problem is there’s no way to know whether you can trust the app with your private data. Any time I click on something that asks for access to my data, no matter how intrigued I am by the potential service, I say thanks but no thanks.
Facebook is really cool for sharing info, pictures, etc. with friends but it’s also a virus writer’s dream because it’s very hard to tell when it’s ok to follow a link. The best advice is TBC – Think Before Clicking. Just like in the real world, if you have a bad feeling about something, skip it.